From c3c2aa70930a8501cad90bc864a06141102ed906 Mon Sep 17 00:00:00 2001
From: Alex Chan <alexc@tailscale.com>
Date: Thu, 18 Jun 2026 16:15:58 +0100
Subject: [PATCH] all: don't repeat the the word "the" unnecessarily

Updates #cleanup

Change-Id: Ic1f430cd5dbf6cc1a385c59074a5d5cabe6fca57
Signed-off-by: Alex Chan <alexc@tailscale.com>
---
 cmd/k8s-nameserver/main.go                 | 2 +-
 cmd/tailscale/cli/appcroutes.go            | 2 +-
 cmd/tailscale/cli/tailnet-lock.go          | 2 +-
 cmd/tsidp/tsidp.go                         | 2 +-
 control/controlknobs/controlknobs.go       | 2 +-
 health/health_test.go                      | 6 +++---
 ipn/desktop/extension.go                   | 2 +-
 ipn/ipnlocal/local_test.go                 | 2 +-
 ipn/ipnlocal/state_test.go                 | 2 +-
 ipn/lapitest/opts.go                       | 2 +-
 logtail/logtail.go                         | 2 +-
 net/netns/netns_darwin.go                  | 2 +-
 safeweb/http.go                            | 2 +-
 util/eventbus/eventbustest/eventbustest.go | 2 +-
 util/winutil/svcdiag_windows.go            | 2 +-
 util/winutil/winutil_windows.go            | 2 +-
 16 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/cmd/k8s-nameserver/main.go b/cmd/k8s-nameserver/main.go
index 1b219fb1a..1e6a1dea9 100644
--- a/cmd/k8s-nameserver/main.go
+++ b/cmd/k8s-nameserver/main.go
@@ -29,7 +29,7 @@
 const (
 	// tsNetDomain is the domain that this DNS nameserver has registered a handler for.
 	tsNetDomain = "ts.net"
-	// addr is the the address that the UDP and TCP listeners will listen on.
+	// addr is the address that the UDP and TCP listeners will listen on.
 	addr = ":1053"
 	// defaultTTL is the default TTL for DNS records in seconds.
 	// Set to 0 to disable caching. Can be increased when usage patterns are better understood.
diff --git a/cmd/tailscale/cli/appcroutes.go b/cmd/tailscale/cli/appcroutes.go
index 04cbcdd83..f3936915f 100644
--- a/cmd/tailscale/cli/appcroutes.go
+++ b/cmd/tailscale/cli/appcroutes.go
@@ -40,7 +40,7 @@
 learned for each domain.
 
 --all prints the routes learned from the domains configured in the app connector configuration; and any extra routes provided
-in the the policy app connector 'routes' field.
+in the policy app connector 'routes' field.
 
 --map prints the routes learned from the domains configured in the app connector configuration.
 
diff --git a/cmd/tailscale/cli/tailnet-lock.go b/cmd/tailscale/cli/tailnet-lock.go
index 6e3f7028c..43df1a7f1 100644
--- a/cmd/tailscale/cli/tailnet-lock.go
+++ b/cmd/tailscale/cli/tailnet-lock.go
@@ -386,7 +386,7 @@ func runTailnetLockRemove(ctx context.Context, args []string) error {
 		if isatty.IsTerminal(os.Stdout.Fd()) {
 			fmt.Printf(`Warning
 Removal of a signing key(s) without resigning nodes (--re-sign=false)
-will cause any nodes signed by the the given key(s) to be locked out
+will cause any nodes signed by the given key(s) to be locked out
 of the Tailscale network. Proceed with caution.
 `)
 			if !prompt.YesNo("Are you sure you want to remove the signing key(s)?", true) {
diff --git a/cmd/tsidp/tsidp.go b/cmd/tsidp/tsidp.go
index d6dfc7900..24c823d71 100644
--- a/cmd/tsidp/tsidp.go
+++ b/cmd/tsidp/tsidp.go
@@ -1403,7 +1403,7 @@ func readUint64(r io.Reader) (uint64, error) {
 	}
 }
 
-// rsaPrivateKeyJSONWrapper is the the JSON serialization
+// rsaPrivateKeyJSONWrapper is the JSON serialization
 // format used by RSAPrivateKey.
 type rsaPrivateKeyJSONWrapper struct {
 	Key string
diff --git a/control/controlknobs/controlknobs.go b/control/controlknobs/controlknobs.go
index 2f9b5143d..280953cd9 100644
--- a/control/controlknobs/controlknobs.go
+++ b/control/controlknobs/controlknobs.go
@@ -25,7 +25,7 @@ type Knobs struct {
 	// the client port.
 	RandomizeClientPort atomic.Bool
 
-	// OneCGNAT is whether the the node should make one big CGNAT route
+	// OneCGNAT is whether the node should make one big CGNAT route
 	// in the OS rather than one /32 per peer.
 	OneCGNAT syncs.AtomicValue[opt.Bool]
 
diff --git a/health/health_test.go b/health/health_test.go
index 4b5af6d76..f6e877f18 100644
--- a/health/health_test.go
+++ b/health/health_test.go
@@ -323,7 +323,7 @@ func TestSetUnhealthyWithTimeToVisible(t *testing.T) {
 					// after mw.TimeToVisible / 2.
 				}
 
-				// Advance time to get past the the TimeToVisible duration.
+				// Advance time to get past the TimeToVisible duration.
 				// The watcher should be notified of the unhealthy state.
 				clock.Advance(mw.TimeToVisible/2 + 1)
 				<-becameUnhealthy
@@ -340,7 +340,7 @@ func TestSetUnhealthyWithTimeToVisible(t *testing.T) {
 				ht.SetUnhealthy(mw, Args{ArgError: "Hello world"})
 				ht.SetHealthy(mw)
 
-				// Advance to get past the the TimeToVisible delay.
+				// Advance to get past the TimeToVisible delay.
 				clock.Advance(mw.TimeToVisible * 2)
 				synctest.Wait()
 
@@ -577,7 +577,7 @@ func TestNoDERPHomeWarnable(t *testing.T) {
 	clock.Advance(30 * time.Second)
 	ht.updateBuiltinWarnablesLocked()
 
-	// Advance to get past the the TimeToVisible delay.
+	// Advance to get past the TimeToVisible delay.
 	clock.Advance(noDERPHomeWarnable.TimeToVisible * 2)
 
 	ht.updateBuiltinWarnablesLocked()
diff --git a/ipn/desktop/extension.go b/ipn/desktop/extension.go
index 3e96a9c4c..23e265401 100644
--- a/ipn/desktop/extension.go
+++ b/ipn/desktop/extension.go
@@ -23,7 +23,7 @@
 )
 
 // featureName is the name of the feature implemented by this package.
-// It is also the the [desktopSessionsExt] name and the log prefix.
+// It is also the [desktopSessionsExt] name and the log prefix.
 const featureName = "desktop-sessions"
 
 func init() {
diff --git a/ipn/ipnlocal/local_test.go b/ipn/ipnlocal/local_test.go
index b0d24cf7a..0078d6ed9 100644
--- a/ipn/ipnlocal/local_test.go
+++ b/ipn/ipnlocal/local_test.go
@@ -8377,7 +8377,7 @@ func (f *fakeAttestationKey) Clone() key.HardwareAttestationKey {
 // TestStripKeysFromPrefs tests that LocalBackend's [stripKeysFromPrefs] (as used
 // by sendNotify etc) correctly removes all private keys from an ipn.Notify.
 //
-// It does so by testing the the two ways that Notifys are sent: via sendNotify,
+// It does so by testing the two ways that Notifys are sent: via sendNotify,
 // and via extension hooks.
 func TestStripKeysFromPrefs(t *testing.T) {
 	// genNotify generates a sample ipn.Notify with various private keys set
diff --git a/ipn/ipnlocal/state_test.go b/ipn/ipnlocal/state_test.go
index 85a421f02..51d7d2366 100644
--- a/ipn/ipnlocal/state_test.go
+++ b/ipn/ipnlocal/state_test.go
@@ -1247,7 +1247,7 @@ func TestEngineReconfigOnStateChange(t *testing.T) {
 	}{
 		{
 			name: "Initial",
-			// The configs are nil until the the LocalBackend is started.
+			// The configs are nil until the LocalBackend is started.
 			wantState:     ipn.NoState,
 			wantCfg:       nil,
 			wantRouterCfg: nil,
diff --git a/ipn/lapitest/opts.go b/ipn/lapitest/opts.go
index 5ed2f9757..1e2855700 100644
--- a/ipn/lapitest/opts.go
+++ b/ipn/lapitest/opts.go
@@ -66,7 +66,7 @@ func (o *options) Sys() *tsd.System {
 
 // Backend returns the [ipnlocal.LocalBackend] to be used by the server.
 // If a backend is provided via [WithBackend], it is used as-is.
-// Otherwise, a new backend is created with the the [options] in o.
+// Otherwise, a new backend is created with the [options] in o.
 func (o *options) Backend() *ipnlocal.LocalBackend {
 	return o.backend.Get(func() *ipnlocal.LocalBackend { return newBackend(o) })
 }
diff --git a/logtail/logtail.go b/logtail/logtail.go
index a441c2306..563745b3a 100644
--- a/logtail/logtail.go
+++ b/logtail/logtail.go
@@ -973,7 +973,7 @@ func (lg *Logger) appendTextOrJSONLocked(dst, src []byte, level int) []byte {
 	}
 
 	// Check whether the reserved logtail member occurs in the log data.
-	// If so, it is moved to the the logtail/error member.
+	// If so, it is moved to the logtail/error member.
 	const jsonSeperators = ",:"      // per RFC 8259, section 2
 	const jsonWhitespace = " \n\r\t" // per RFC 8259, section 2
 	var errDetail string
diff --git a/net/netns/netns_darwin.go b/net/netns/netns_darwin.go
index e5d01542e..844128dda 100644
--- a/net/netns/netns_darwin.go
+++ b/net/netns/netns_darwin.go
@@ -85,7 +85,7 @@ func getInterfaceIndex(logf logger.Logf, netMon *netmon.Monitor, address string)
 		// Preferentially choose the OS's view of the default if index.  Due to the way darwin sets the delegated
 		// interface on tunnel creation only, it is possible for netmon to have a stale view of the default and
 		// netmon's view is often temporarily wrong during network transitions, or for us to not have the
-		// the the oses view of the defaultIf yet.
+		// the oses view of the defaultIf yet.
 		if osIferr == nil {
 			idx = osIf.InterfaceIndex
 			errOut = nil
diff --git a/safeweb/http.go b/safeweb/http.go
index d52412bd3..a2f48b965 100644
--- a/safeweb/http.go
+++ b/safeweb/http.go
@@ -19,7 +19,7 @@
 // package. The application must template the CSRF token into its forms using
 // the [TemplateField] and [TemplateTag] APIs. Applications that are served in a
 // secure context (over HTTPS) should also set the SecureContext field to true
-// to ensure that the the CSRF cookies are marked as Secure.
+// to ensure that the CSRF cookies are marked as Secure.
 //
 // In addition, browser routes will also have the following applied:
 //   - Content-Security-Policy header that disallows inline scripts, framing, and third party resources.
diff --git a/util/eventbus/eventbustest/eventbustest.go b/util/eventbus/eventbustest/eventbustest.go
index b3ef6c884..82436c912 100644
--- a/util/eventbus/eventbustest/eventbustest.go
+++ b/util/eventbus/eventbustest/eventbustest.go
@@ -232,7 +232,7 @@ type Injector struct {
 }
 
 // NewInjector constructs an [Injector] that can be used to inject events into
-// the the stream of events used by code under test. After construction the
+// the stream of events used by code under test. After construction the
 // caller may use [Inject] to insert events into the bus.
 func NewInjector(t *testing.T, b *eventbus.Bus) *Injector {
 	inj := &Injector{
diff --git a/util/winutil/svcdiag_windows.go b/util/winutil/svcdiag_windows.go
index e28f9b6af..b9356d2f2 100644
--- a/util/winutil/svcdiag_windows.go
+++ b/util/winutil/svcdiag_windows.go
@@ -212,7 +212,7 @@ func getSvcTriggerInfo(svc *mgr.Service) (*_SERVICE_TRIGGER_INFO, error) {
 
 // makeLogEntry consolidates relevant service information into a svcStateLogEntry.
 // We record the values of various service configuration constants as strings
-// so the the log entries are easy to interpret at a glance by humans.
+// so the log entries are easy to interpret at a glance by humans.
 func makeLogEntry(svc *mgr.Service, status svc.Status, cfg mgr.Config) (entry svcStateLogEntry) {
 	entry.ServiceName = svc.Name
 
diff --git a/util/winutil/winutil_windows.go b/util/winutil/winutil_windows.go
index cab0dabdf..d95d8b263 100644
--- a/util/winutil/winutil_windows.go
+++ b/util/winutil/winutil_windows.go
@@ -577,7 +577,7 @@ func lookupPseudoUser(uid string) (*user.User, error) {
 	}
 
 	// We're looking for SIDs "S-1-5-x" where 17 <= x <= 20.
-	// This is checking for the the "5"
+	// This is checking for the "5"
 	if sid.IdentifierAuthority() != windows.SECURITY_NT_AUTHORITY {
 		return nil, fmt.Errorf(`SID %q does not use "NT AUTHORITY"`, uid)
 	}